cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Newcomer I

DISA STIG Management

To anyone that works in the DoD space... how can you take a .ckl file and add the new STIG requirements to that ckl file to be reviewed so that you can avoid having to review ALL of the STIG requirements every quarter?

10 Replies
Highlighted
Newcomer I

Re: DISA STIG Management

You can't. Welcome to DOD internal written software.

 

You will need to generate the new checklist and copy/paste any findings/comments back over, keeping an eye open for changed items. Not too difficult if you are lucky enough to do this on a SCAP scan, but that's limited to something like 8 checklists total.

 

Now if someone was willing to pay me, I could build a new checklist manager that can compare an old+new checklist, create a "combined" checklist with proper formatting & a list of what's new, but it will take about 6 months. I would also need to work it on personal time, so... yeah, never gonna happen.

Highlighted
Newcomer I

Re: DISA STIG Management

Hey Samhain, actually DISA released the new version of STIG Viewer last week and it does exactly what I was asking. Maybe my back and forth with them got them to do it... I have no idea but I think it was released on Oct. 23. I've tested it and it works perfect. Basically you make a new checklist and then import in the previous checklist. You're left with the delta as not reviewed.
Highlighted
Newcomer I

Re: DISA STIG Management

Yep. They did fix that "little" issue finally. I saw the release on Friday, but hadn't pulled it down yet. We aren't due for a full STIG review until next month, so wasn't in a rush.

 

Now if I can just figure out how to work with the XCCDF files directly in my own apps, I'll be set. I really want to automate the IIS 8.5 STIG for our web servers. It's a real pain hand-checking every setting.

Highlighted
Newcomer I

Re: DISA STIG Management

May you please share the URL of this STIG Viwer. I really need help on this.

Highlighted
Newcomer I

Re: DISA STIG Management

Highlighted
Newcomer I

Re: DISA STIG Management

thanks for this. I downloaded the Stig viewer. but unable to find an option to copy or import old ckl file into new ckl file. Can you please help on this ?

 

 

Highlighted
Newcomer I

Re: DISA STIG Management

Open stig viewer and import your STIGs. Then checklist, create checklist. Once you have the checklist with the current STIGs you will go to import and choose xccdf. Then choose your d checklist and it will bring everything in.
Newcomer I

Re: DISA STIG Management

Thanks Kdaily, it helped a lot.

Highlighted
Newcomer I

Re: DISA STIG Management

Be aware that the latest STIG viewers use the new vulnerability IDs and internal format structure, so old CKL files may not import in the new version correctly. You may need to dig up an older version of the viewer depending on how old the CKL file is.